Solved: How to custom sort by column headers

DEADBEEF · ‎08-04-2020

I have a table that shows the number of logs by severity over each host. I want to be able to rearrange the severity columns into a specific order but can't figure out how. I tried using custom sort field via eval but didn't seem to work.

Current SPL

index=foo sourcetype=logs
| chart count over server by severity

Current Table Order

server   major   info   critical    minor
serverA   5       10       8          6
serverB   22       5       13         9

Desired Table Order

server   critical  major   minor  info
serverA   8         5       6      10
serverB   13        22      9       5

thambisetty · ‎08-04-2020

use table command to re arrange table header:

| table server critical major minor info

————————————
If this helps, give a like below.

View solution in original post

thambisetty · ‎08-04-2020

use table command to re arrange table header:

| table server critical major minor info

————————————
If this helps, give a like below.

How to custom sort by column headers

chart

table

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Wrapping Up Cybersecurity Awareness Month

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Are you a member of the Splunk Community?